Our team decided to adopt best practices and draw inspiration from HP's ideas, which led us to discover overlaps with the widely used error budget practice. We believe that utilizing the WRT metric would be a suitable solution to enhance security operations.

Weighted Risk Trend (WRT) is one of a Key Performance Indicators (KPIs) and provides business-level context to security-generated data.

WRT metric is a measure that expresses the state of security in numerical terms, without diving into technical details. The metric is linked to business criticality, which is linked to the risks associated with the vulnerabilities that exploit them. WRT can provide business value by helping teams identify and address security risks.

WRT is calculated using the formula:

• each type of multiplier is equal to the corresponding severity weight;

• defects is equal to the number of findings of this severity type;

• business criticality — an assessment of the importance of the product to the company, ranging from one to ten.